diff --git a/user_guide_src/source/changelogs/v4.4.2.rst b/user_guide_src/source/changelogs/v4.4.2.rst index 537a6ac9a5a4..863f8a31bf97 100644 --- a/user_guide_src/source/changelogs/v4.4.2.rst +++ b/user_guide_src/source/changelogs/v4.4.2.rst @@ -18,14 +18,14 @@ Message Changes Changes ******* +- **Security:** The presence of the CSRF token is now also checked in the raw body (not JSON format) for PUT, PATCH, and DELETE type of requests. + Deprecations ************ Bugs Fixed ********** -- **Security:** Fixed a bug where the CSRF token wasn't checked if we sent it in the raw body (not JSON format) for PUT, PATCH, and DELETE requests. - See the repo's `CHANGELOG.md `_ for a complete list of bugs fixed. diff --git a/user_guide_src/source/libraries/security.rst b/user_guide_src/source/libraries/security.rst index bc5777f759fa..f78c1106e861 100644 --- a/user_guide_src/source/libraries/security.rst +++ b/user_guide_src/source/libraries/security.rst @@ -204,6 +204,7 @@ The order of checking the availability of the CSRF token is as follows: 1. ``$_POST`` array 2. HTTP header 3. ``php://input`` (JSON request) - bear in mind that this approach is the slowest one since we have to decode JSON and then re-encode it +4. ``php://input`` (raw body) - for PUT, PATCH, and DELETE type of requests ********************* Other Helpful Methods
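Review bot: In the v4.4.2 changelog hunk, the entry moved from "Bugs Fixed" to "Changes" now describes a new lookup location but not where it sits relative to the existing ones; since the security.rst hunk adds it as the fourth and last place checked (after ``$_POST``, the HTTP header, and the JSON body), say so here so readers can tell it does not change the precedence of the earlier checks. Minor: "PUT, PATCH, and DELETE type of requests" should read "PUT, PATCH, and DELETE requests", matching the wording of the removed "Bugs Fixed" line.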
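Review bot: In the security.rst hunk, new item ``4. ``php://input`` (raw body)`` gives no indication of what "raw body" is expected to contain, whereas item 3 states the format (JSON) and its cost; document which body encoding the raw-body lookup parses and whether it is only attempted when the JSON lookup (item 3) yields no token, so a reader of "the order of checking" can predict which of the two ``php://input`` lookups applies to a given request. Same grammar nit as the changelog: "type of requests" should be "requests".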